From fb884c7263deebda66c244503a2eede32c2260fe Mon Sep 17 00:00:00 2001 From: L3D Date: Sun, 21 Mar 2021 00:27:27 +0100 Subject: [PATCH] resolve merge conflicts from https://github.com/thomas-maurice/ansible-role-gitea/pull/62 --- README.md | 8 +++++++- defaults/main.yml | 6 ++++++ templates/gitea.ini.j2 | 35 +++++++++++++++++++++++++++++------ templates/gitea.service.j2 | 2 +- 4 files changed, 43 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 79c60c6..2129a04 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_disable_gravatar`: Do you want to disable Gravatar ? (privacy and so on) (true/false) * `gitea_offline_mode`: Same but for disabling CDNs for frontend assets (true/false) * `gitea_disable_registration`: Do you want to disable user registration ? (true/false) +* `gitea_register_email_confirm`: Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled (Default: `false`) * `gitea_only_allow_external_registration`: Do you want to force registration only using third-party services ? (true/false) * `gitea_show_registration_button`: Do you want to show the registration button? (true/false) * `gitea_require_signin`: Do you require a signin to see repo's (even public ones) ? (true/false) @@ -90,8 +91,9 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_root_url`: Root URL used to access your web app (full URL) * `gitea_protocol`: Listening protocol (http/https) * `gitea_http_listen`: Bind address -* `gitea_http_port`: Bind port +* `gitea_http_port`: Bind port (redirect from `80` will be activated if value is `443` - Default: `3000`) * `gitea_disable_http_git`: Disable the use of Git over HTTP ? (true/false) +* `gitea_http_letsencrypt_mail` Enable Let`s Encrypt if a email address is given ### SSH configuration @@ -119,6 +121,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_mailer_user`: SMTP server username * `gitea_mailer_password`: SMTP server password * `gitea_mailer_from`: Sender mail address +* `gitea_subject_prefix`: Prefix to be placed before e-mail subject lines (Default: ``) * `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false` ### LFS configuration @@ -127,6 +130,9 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_lfs_content_path`: path where the lfs files are stored * `gitea_lfs_secret`: JWT secret for remote LFS usage. Can be generated with ``gitea generate secret JWT_SECRET`` +### Log configuration +* `gitea_log_systemd` Disable logging into `file`, use systemd-journald +* `gitea_log_only_warning` Log only warnings or above, no http access or sql logging (Default: `true`) ### Fail2Ban configuration diff --git a/defaults/main.yml b/defaults/main.yml index cd81a54..6b9a590 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -20,6 +20,7 @@ gitea_root_url: http://localhost:3000 gitea_protocol: http gitea_http_listen: 127.0.0.1 gitea_http_port: 3000 +# gitea_http_letsencrypt_mail: - required gitea_disable_http_git: false gitea_offline_mode: true @@ -47,6 +48,7 @@ gitea_disable_git_hooks: true gitea_show_user_email: false gitea_disable_gravatar: true gitea_disable_registration: false +gitea_register_email_confirm: false gitea_show_registration_button: true gitea_require_signin: true gitea_enable_captcha: true @@ -62,8 +64,12 @@ gitea_mailer_host: localhost:25 gitea_mailer_from: noreply@your.domain gitea_mailer_user: "" gitea_mailer_password: "" +gitea_subject_prefix: "" gitea_mailer_type: smtp +gitea_log_systemd: false +gitea_log_only_warning: true + gitea_fail2ban_enabled: false gitea_fail2ban_jail_maxretry: 10 gitea_fail2ban_jail_findtime: 3600 diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index 3030715..227a995 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -35,8 +35,16 @@ PROTOCOL = {{ gitea_protocol }} DOMAIN = {{ gitea_http_domain }} ROOT_URL = {{ gitea_root_url }} ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket. -HTTP_ADDR = {{ gitea_http_listen }} -HTTP_PORT = {{ gitea_http_port }} +HTTP_ADDR = {{ gitea_http_listen }} +HTTP_PORT = {{ gitea_http_port }} +{% if gitea_http_port == 443 %} +PORT_TO_REDIRECT = 80 +{% endif %} +{% if gitea_http_letsencrypt_mail is defined %} +ENABLE_LETSENCRYPT = true +LETSENCRYPT_ACCEPTTOS = true +LETSENCRYPT_EMAIL = {{ gitea_http_letsencrypt_mail }} +{% endif %} ; Disable SSH feature when not available DISABLE_SSH = false ; Whether to use the builtin SSH server or not. @@ -74,7 +82,10 @@ PASSWD = {{ gitea_db_password }} ; For MySQL, either "false" (default), "true", or "skip-verify" SSL_MODE = {{ gitea_db_ssl }} ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service -PATH = {{ gitea_db_path }} +PATH = {{ gitea_db_path }} +{% if gitea_log_only_warning %} +LOG_SQL = false +{% endif %} [indexer] ; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve @@ -104,7 +115,8 @@ DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks | ternary('true', 'false') }} [service] ; Disallow registration, only allow admins to create accounts. -DISABLE_REGISTRATION = {{ gitea_disable_registration }} +DISABLE_REGISTRATION = {{ gitea_disable_registration }} +REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm }} ; User must sign in to view anything. REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | ternary('true', 'false') }} ; Enable captcha validation for registration @@ -143,6 +155,7 @@ USER = {{ gitea_mailer_user }} PASSWD = {{ gitea_mailer_password }} ; Send mails as plain text SEND_AS_PLAIN_TEXT = false +SUBJECT_PREFIX = {{ gitea_subject_prefix }} ; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log) MAILER_TYPE = {{ gitea_mailer_type }} ; Specify an alternative sendmail binary @@ -173,12 +186,22 @@ PATH = {{ gitea_home }}/data/attachments ROOT_PATH = {{ gitea_home }}/log ; Either "console", "file", "conn", "smtp" or "database", default is "console" ; Use comma to separate multiple modes, e.g. "console, file" -MODE = file +{% if gitea_log_systemd %} +MODE = console +MACARON = console +{% else %} +MODE = file +{% endif %} ; Buffer length of the channel, keep it as it is if you don't know what it is. BUFFER_LEN = 10000 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" -LEVEL = {{ gitea_log_level }} +{% if gitea_log_only_warning %} +LEVEL = Warn +REDIRECT_MACARON_LOG = true +{% else %} +LEVEL = Info REDIRECT_MACARON_LOG = false +{% endif %} [oauth2] ENABLE = {{ gitea_oauth2_enabled }} diff --git a/templates/gitea.service.j2 b/templates/gitea.service.j2 index 0dd69a5..3434766 100644 --- a/templates/gitea.service.j2 +++ b/templates/gitea.service.j2 @@ -5,7 +5,7 @@ After=network.target [Service] User={{ gitea_user }} Group={{ gitea_group }} -ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini +ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini --custom-path {{ gitea_home }}/custom/ Restart=on-failure WorkingDirectory={{ gitea_home }} {% if gitea_systemd_cap_net_bind_service %}